← Back

CVE-2019-4448

nvd nist
Published: Aug 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489.

Affected (6)

Ibm
1 product
Db2 High Performance Unload Load
Configuration A
6 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Ibm
Db2 High Performance Unload Load
Version 6.1.0.1
Db2 High Performance Unload Load
Version 6.1.0.1 if1
Db2 High Performance Unload Load
Version 6.1.0.1 if2
Db2 High Performance Unload Load
Version 6.1.0.2
Db2 High Performance Unload Load
Version 6.1.0.2 if1
Db2 High Performance Unload Load
Version 6.1
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.